Free Malware Removal Forum


Hello everyone and thank you for your time. I am stumped on this virus. I tried to use HJT, MsnVirRem.exe, and scanners, and tried to go into safe mode and also remove it manually, but it has disabled everything including safe mode and closes everything else as soon as I open it. I have tried a few other sites but was unsuccessful.
I am able to get an HJT log before it closes the program. I noticed in the processes that whenever I go to open up these programs, a task called Msnvir turns on automatically and turns it off. So here is my log and hopefully we can figure this out:

Dontais,
If you wish to continue with help here, please immediately post at G2G that you are doing that. If you wish to continue with them, please tell me and I will lock this thread. Two helpers does not work, and is an unacceptable use of Volunteer resources.
Do NOT make changes in your machine based on more than one helper, without notice. The helpers cannot figure out what is going on if there are "mystery" changes in between.
-----------------------------------------------------------
Please note that as long as you're using any form of Peer-to-Peer networking (Morpheus, Limewire, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
You may decide to continue P2P sharing, but keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer to Peer programs themselves is here: http://p2p.malwareremoval.com/
Regardless of the program used, the practice of file-sharing is very unsafe for the health of your PC, as you are finding out.
-----------------------------------------------------------
Remove log items with HijackThis.
Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
F3 - REG:win.ini: load=C:\WINDOWS\system32\ohkkbpo\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\ohkkbpo\winlogon.exe
ALL the O1 entries
Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked.
-----------------------------------------------------------
REBOOT Your machine.
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
Logitech Messenger
uTorrent
Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Set Your Computer to Show All Files

Click Start.

Click My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading, select Show hidden files and folders.

Uncheck Hide protected operating system files (recommended).

Click Yes to confirm.

Uncheck the Hide file extensions for known file types.

Click OK.

In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

You may want to write this down, print it out, or save it as a Notepad document on your Desktop, since you won't have Internet access in Safe Mode.
-----------------------------------------------------------
Start Your Computer in Safe Mode.
Reboot into Safe Mode by hitting the F8 key repeatedly as the machine boots, until a menu shows up. Choose Safe Mode from the list. In some systems, this may be the F5 key, so try that if F8 doesn't work. Additional Info is here: http://www.computerhope.com/issues/chsafe.htm
-----------------------------------------------------------
File and Folder Deletion.
In Windows Explorer (My Computer), select View, Details. Then navigate to the folder shown below and Delete.
In the case of a folder removal, you may have to delete all the underlying files and folders before an entire folder can be deleted.
C:\WINDOWS\System32\ohkkbpo\

DO NOT DELETE the folder C:\WINDOWS\SYSTEM32\

If you have any problem deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete. If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the filename is in there, highlight it and click End Process, then retry Delete.
Note the name and location of any item you cannot delete.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
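
An added example, not part of the original post or of HijackThis itself: a small check that pulls F3 win.ini load=/run= autostart lines out of a HijackThis log and marks those that reuse a Windows system process name from a folder other than System32, as the two entries above do. The list of system names and the O4 sample line are assumptions constructed for this illustration.

```python
import ntpath
import re

# Genuine Windows system processes that live directly in System32.
# Short illustrative list (an assumption of this example, not exhaustive).
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# HijackThis F3 lines: win.ini load=/run= autostart values.
F3_LINE = re.compile(r"^F3 - REG:win\.ini: (load|run)=(.+)$")


def flag_f3_entries(log_text):
    """Return (key, path, reason) for every F3 win.ini autostart entry."""
    findings = []
    for line in log_text.splitlines():
        m = F3_LINE.match(line.strip())
        if not m:
            continue
        key, path = m.group(1), m.group(2).strip()
        folder, name = ntpath.split(path)
        in_system_dir = ntpath.normpath(folder).lower() == SYSTEM_DIR
        if name.lower() in SYSTEM_NAMES and not in_system_dir:
            reason = "system process name outside System32"
        else:
            reason = "autostart via win.ini load/run"
        findings.append((key, path, reason))
    return findings


# Constructed sample: the two F3 lines quoted in the post plus one
# made-up O4 line that the check must ignore.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
F3 - REG:win.ini: load=C:\WINDOWS\system32\ohkkbpo\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\ohkkbpo\winlogon.exe
"""

if __name__ == "__main__":
    for key, path, reason in flag_f3_entries(SAMPLE_LOG):
        print(f"{key}= {path}  [{reason}]")
```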

Dontais,
Make SURE you downloaded uTorrent from http://www.utorrent.com
Otherwise you may have a copy that has other "things" added.
------------------------------------------------
Print this out or save it to a NotePad file on your Desktop, since you won't be able to see it online during the Safe Mode part of this procedure.
Download, Update, and Initialize AVG AntiSpyware
You can download it from here: http://www.ewido.net/en/download/
1. After download, double click on the file to launch the install process.
2. Choose a language, click OK and then click Next.
3. Read the License Agreement and click I Agree.
4. Accept the default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click Next, then click Install.
5. After setup completes, click Finish to start the program automatically, or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main Status Menu will appear. Select Change state to inactivate Resident Shield and Automatic Updates.
7. Then right click on the AVG Anti-Spyware icon in the system tray and uncheck "Start with Windows".
8. Go to your Windows Start button, choose Run and then type: services.msc
This will bring up the services console.

At the bottom of the Services Window, select the Extended tab and scroll down the list to find AVG Anti-Spyware guard.

When you find the guard service, double-click on it.

In the Properties Window > General Tab that opens, click the Stop button.

From the drop-down menu next to "Startup Type", click on Manual.

Now click Apply, then OK and close the Services window.

Back in the AVG Anti-Spyware Status Menu. Select the Update button and click Start update. Wait until you see the "Update succesfull" message. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with AVG Anti-Spyware as follows:

Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
- Under "How to Scan?" check all (default).
- Under "Possibly unwanted software" check all (default).
- Under "What to Scan?" make sure "Scan every file" is selected (default).
- Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".

Click the "Scan" tab to return to scanning options.

Click "Complete System Scan" to start. Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20061031-090001.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\

Dontais,
-----------------------------------------------------------
Use Add/Remove Programs In Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :
BPFTPServer
Bullet Proof FTP Server <== or any name like these
Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
File and Folder Deletion.
In Windows Explorer (My Computer), select View, Details. Then navigate to this folder shown below and Delete.
In the case of a folder removal, you may have to delete all the underlying files and folders before an entire folder can be deleted.
c:\Program Files\BPFTP Server\
If you have any problem deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete. If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the filename is in there, highlight it and click End Process, then retry Delete.
Note the name and location of any item you cannot delete.
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
askey127

Dontais,
-----------------------------------------------------------
Download and install CCleaner from here.
Set Options in CCleaner and run Cleaning Scan. Open the CCleaner program.
( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).

Select Cleaner Settings. Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.

Click on the Options block on the left. Select Advanced. Uncheck "Only delete files in Windows Temp folders older than 48 hours".

Set Cookie Retention. Click on the Options block on the left, then choose Cookies. Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.

Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab. Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save

Please post the install.txt file contents from CCleaner, and tell me how the machine is running.
askey127

My computer seems to be running fine so far. MSN is still having some crashing problems, but that might be just MSN, not the most reliable program. Other than that, I did a few scans and restarted the Security Center service since it was disabled, but it's all working good now. Thanks for the help so far, and here is the list that you requested as well:

Dontais,
Looks OK.
Again allow me to remind you, for your own security, when you download any Open Source program, be sure to get it ONLY from the originator, like SourceForge.net. Since it's open source code, others sometimes corrupt a legitimate program name by modifying the code and adding spyware "features".
-----------------------------------------------------------
Disable WinXP System Restore
Disable your System Restore to remove malware files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing them. The only way to erase these files is to temporarily disable System Restore. You will lose all previous restore points which are likely to be infected.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, put a Check mark in the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
If you are not prompted to reboot, do it on your own.
-----------------------------------------------------------
After the Reboot,
Enable WinXP System Restore
- Right-click My Computer, and then click Properties.
- On the System Restore tab, Clear the Check mark beside the Turn Off System Restore check box.
- Click OK twice, and then click Yes when you are prompted to restart the computer.
The Disable/Re-enable System Restore sequence is not to be done regularly, but only once after the removal of malware.
Note that all previous restore points will be lost.
-----------------------------------------------------------
If You Don't Have It, Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.

Thank you for all the help, it seems to be alright now, and don't worry, most programs I use I get from the legitimate company, except the bulletproof server. It had surprised me for that one, since I scanned several times before this incident happened. Never testing viruses for my friends again. But you've been great and I'll be sure to stop by if I have any more issues.
